CVE-2026-21654

UNKNOWN 0.0

Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication occurs.This issue affects Frick Controls Quantum HD version 10.22 and prior.

CWE	CWE-78
Vendor	johnson controls
Product	frick controls quantum hd
Published	Feb 27, 2026
Last Updated	Mar 6, 2026

Stay Ahead of the Next One

Get instant alerts for johnson controls frick controls quantum hd

Be the first to know when new unknown vulnerabilities affecting johnson controls frick controls quantum hd are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Johnson Controls / Frick Controls Quantum HD

Frick Controls Quantum HD version 10.22 and prior

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-01 johnsoncontrols.com: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

Credits

Noam Moshe of Claroty Team 82 Research group